redline | d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b | Triage

Submit
Reports

Overview

overview

Static

static

1

d883837202...0b.exe

windows7-x64

d883837202...0b.exe

windows10-2004-x64

Sharing

General

Target

d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b
Size

217KB
Sample

241111-cdf84szdnm
MD5

535c4ed4c57cfe7295b6fff6b7a0b677
SHA1

4d833f9cb9e5d2b95d57cad3aecd1b50666fdf24
SHA256

d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b
SHA512

e1683fe0d5bea7faf34850317b9000d93842382a2d6884829811018445e0cff6b543f45ebf17ddbecd8b388ea117c86bf43247aa112235d6fd0bb35e4a96f91a
SSDEEP

3072:gliRaiFzW0qu7b4ee8fwmGzPMWxS+bsqLCX3knb95IcWdXCY9bTAIrFldG0cXxO:gliRawNveMwTDM4RVCkbSCY9fIk

Score

10^/10

redline @p1 discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b.exe

Resource

win7-20240903-en

redline @p1 discovery infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b.exe

Resource

win10v2004-20241007-en

redline @p1 discovery infostealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

auth_value
54c79ce081122137049ee07c0a2f38ab

Targets

- Target
  
  d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b
- Size
  
  217KB
- MD5
  
  535c4ed4c57cfe7295b6fff6b7a0b677
- SHA1
  
  4d833f9cb9e5d2b95d57cad3aecd1b50666fdf24
- SHA256
  
  d883837202491b84ca4d766d404f777e1eed5cbbf3154cc003e8fdfbc59d130b
- SHA512
  
  e1683fe0d5bea7faf34850317b9000d93842382a2d6884829811018445e0cff6b543f45ebf17ddbecd8b388ea117c86bf43247aa112235d6fd0bb35e4a96f91a
- SSDEEP
  
  3072:gliRaiFzW0qu7b4ee8fwmGzPMWxS+bsqLCX3knb95IcWdXCY9bTAIrFldG0cXxO:gliRawNveMwTDM4RVCkbSCY9fIk
Score

10^/10

redline @p1 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@p1discoveryinfostealer

behavioral2

redline@p1discoveryinfostealer

© 2018-2025

Terms | Privacy